漏洞描述
【漏洞对象】SiteServer CMS 【涉及版本】3.6.4 【漏洞描述】该应用background_contentsGroup.aspx文件publishmentSystemID参数sql注入,可能造成数据泄露,甚至服务器被入侵。
siteserver CMS 3.6.4 background_contentsGroup.aspx页面publishmentSystemID参数-SQL注入
PoC代码
暂无相关漏洞推荐
- ERG2 1350W 路由器默认口令漏洞
- 微力同步 /rest/f/api/resources/f96956469e7be39d 文件读取漏洞
- WordPress Yoco Payments plugin /wp-json/yoco/logs 目录遍历漏洞(CVE-2025-13801)
- Frappe /files 目录遍历漏洞(CVE-2025-68953)
- POC CVE-2006-3392: Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
- POC CVE-2011-3600: Apache OFBiz - XML External Entity Injection
- POC CVE-2015-8350: WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS
- POC CVE-2016-15043: WP Mobile Detector <= 3.5 - Unrestricted File Upload
- POC CVE-2017-11107: phpLDAPadmin <= 1.2.3 - Reflected XSS
- POC CVE-2019-11253: Kubernetes API Server - YAML Parsing DoS (Billion Laughs)
- POC CVE-2019-15823: WPS Hide Login <= 1.5.2.2 - Login Page Bypass
- POC CVE-2019-9082: ThinkPHP < 3.2.4 - Remote Code Execution
- POC CVE-2020-12832: WordPress Simple File List - Path Traversal